It looks like I spoke too soon about the Lynn affair being closed. ISS is now pursuing Web sites posting Mike Lynn's presentation. For example, Rick Forno has removed his copy of the Lynn slides after receiving a cease-and-desist letter from lawyers representing ISS. The document (.pdf), by DLA Piper Rudnick Gray Cary US LLP attorney Andrew P. Valentine features this piece of exceptional grammar:
"The posting is located on your [Forno's] website... and relates to a presentation that ISS decided not go give [sic] at the Black Hat 2005 USA Conference in Las Vegas, Nevada."
The letter also states
"On Wednesday, ISS and Cisco sued Mr. Lynn and Black Hat for claims of copyright infringement, misappropriation of trade secrets, and breach of employment agreement in connection with improper distribution of the material. On Thursday, Judge Jeffrey White of the United States District Court for the Northern District of California issued a permanent injunction preventing further distribution of the material...
We also understand that the unlawful distribution of this information is the subject of a federal investigation."
I wonder how ISS and Cisco will handle Web sites located outside of the US, like the disLEXia 3000 blog? Maximillian Dornseif makes several good points in his blog, including asking whether the slides Lynn showed at Black Hat are the same as those now circulating on the Web.
The "stipulated permanent injunction" faxed to Rick Forno contains an interesting paragraph:
"Lynn... acknowledges that ISS did not authorize him to present [his talk] and which he had notified ISS he would not present. In particular, ISS had directed no presentation or live demonstration would be made which included disassembled Cisco code and the 'pointers'. (ISS and Cisco stipulate that they had prepared an alternative presentation designed to discuss Internet security, including the flaw which Lynn had identified, but without revealing Cisco code or pointers which might help enable third parties to exploit the flaw, but were informed they would not be allowed to present that presentation at the conference)."
I assume Jeff Moss was the party that would not allow ISS and Cisco to present at Black Hat.
It looks like Cisco employee John Noh wrote the injunction?
Update: Check out the photographs of slides from Mike's talk posted at Tom's Networking.
0 komentar:
Posting Komentar